Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

analyse combofix

Vanotan

Par Vanotan
dans Analyses et éradication malwares

 Partager

Messages recommandés

Vanotan Junior Member

Vanotan

Posté(e)
Posté(e)

bonjour, je suis nouvelle sur ce forum et je demande de l'aide,

mon fils a un petit problème avec sont pc donc j'ai fait une analyse avec combofix en mode sans echec.

Et je demande si quelqu'un peux me l'analyser.

Merci d'avance.

 

ComboFix 11-01-06.06 - Tania 07/01/2011 17:12:34.1.1 - x86 NETWORK

Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.32.1036.18.2039.1413 [GMT 1:00]

Lancé depuis: F:\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\ResultBar

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-12-07 au 2011-01-07 ))))))))))))))))))))))))))))))))))))

.

 

2011-01-07 16:18 . 2011-01-07 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-07 15:34 . 2011-01-07 15:58 -------- d-----w- c:\users\Tania\AppData\Local\ElevatedDiagnostics

2011-01-07 15:13 . 2011-01-07 15:13 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-01-07 10:50 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C655976-350C-4EE9-B65D-FAB05F54CE96}\mpengine.dll

2010-12-31 16:50 . 2010-12-31 16:50 -------- d-----w- c:\users\Tania\AppData\Local\Unity

2010-12-21 15:03 . 2010-12-21 15:03 -------- d-----w- c:\users\Tania\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1

2010-12-16 12:51 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-16 12:51 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2010-12-14 17:20 . 2010-12-14 17:20 -------- d-----w- c:\program files\Dofus2Beta

2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\programdata\PopCap Games

2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\program files\PopCap Games

2010-12-11 20:28 . 2010-12-11 20:28 -------- d-----w- c:\users\Tania\AppData\Local\Ph03nixNewMedia

2010-12-11 20:27 . 2010-12-11 20:27 -------- d-----w- c:\users\Tania\AppData\Local\TempChapelain#

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-04 09:06 . 2010-12-04 08:54 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-12-04 08:54 . 2010-12-04 08:54 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-10-21 23:46 . 2010-10-21 23:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-10-21 19:48 . 2010-10-21 19:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-19 09:41 . 2010-10-21 17:26 222080 ------w- c:\windows\system32\MpSigStub.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-10-21 4240760]

"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]

"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-11-24 2155832]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]

"CamserviceBlog"="c:\program files\Hercules\Blog Webcam\XtrCtrl.exe" [2009-10-19 2913576]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-12 77824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-21 691696]

R1 aswSP;aswSP; [x]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]

R3 APL531;Hercules Blog Webcam;c:\windows\system32\Drivers\BLvidv.sys [2007-07-13 285952]

R3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [2009-02-09 99968]

R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-09-12 251248]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-21 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com/

IE: Free YouTube Download - c:\users\Tania\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\Tania\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

FF - ProfilePath - c:\users\Tania\AppData\Roaming\Mozilla\Firefox\Profiles\vj2c0n01.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox

FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=

FF - user.js: keyword.enabled - 1

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-RunOnce-<NO NAME> - (no file)

 

 

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2011-01-07 17:20:43

ComboFix-quarantined-files.txt 2011-01-07 16:20

 

Avant-CF: 84.170.047.488 octets libres

Après-CF: 84.282.085.376 octets libres

 

- - End Of File - - 376FB614F859BB06E72C44954D6ECD52

bernard53 Godlike Member

bernard53

Posté(e)
Posté(e) (modifié)

bonjour et Bienvenue. ;)

 

Attention avec l'utilisation de Combofix, ce n'est pas un outil sans risque :-?

 

 

Tu as encore des traces d'intrus donc fait ceci que je vois mieux cela.

 

 

* Télécharge >> OTL <<sur ton bureau.

 

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

 

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

vstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

Cijoint.fr - Service gratuit de dépôt de fichiers

Modifié par bernard53
Vanotan Junior Member

Vanotan

Posté(e)
  • Auteur
Posté(e)

Re voila c fait mais je ne sais pas mettre les fichier txt sur ci-joint il me note toujours error 005

Voila je le colle ici

 

OTL logfile created on: 7/01/2011 19:03:21 - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = G:\

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000080c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138,61 Gb Total Space | 77,71 Gb Free Space | 56,06% Space Free | Partition Type: NTFS

Drive D: | 10,34 Gb Total Space | 6,70 Gb Free Space | 64,76% Space Free | Partition Type: NTFS

Drive G: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

 

Computer Name: TANIA-PC | User Name: Tania | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - G:\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()

PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Hercules\Blog Webcam\XtrCtrl.exe (Guillemot Corporation S.A.)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - G:\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Akamai) -- c:\program files\common files\akamai\netsession_win_dbc0250.dll ()

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) Programme d’installation ActiveX (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (UsbserFilt) -- C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys File not found

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys File not found

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys File not found

DRV - (catchme) -- C:\Users\Tania\AppData\Local\Temp\catchme.sys File not found

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)

DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (APL531) -- C:\Windows\System32\drivers\BLvidv.sys (Akkord Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-be

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 3B 59 1A 44 71 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"

FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube"

FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_mp3tube_results&prt=pinballtb01ff&clid=56ea2eac16734a678908d958562a2936&subid=&Keywords={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://www.google.be/firefox"

FF - prefs.js..extensions.enabledItems: belgiumeid@eid.belgium.be:1.0.7

FF - prefs.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="'>http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="

FF - prefs.js..network.proxy.type: 0

 

FF - user.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="

FF - user.js..keyword.enabled: 1

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/21 21:51:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/07 18:04:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/07 18:04:25 | 000,000,000 | ---D | M]

 

[2010/10/21 23:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tania\AppData\Roaming\mozilla\Extensions

[2010/10/22 13:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tania\AppData\Roaming\mozilla\Firefox\Profiles\vj2c0n01.default\extensions

[2011/01/07 18:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/01/07 18:01:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010/10/21 23:33:10 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files\mozilla firefox\extensions\belgiumeid@eid.belgium.be

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/10/12 21:25:29 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2010/10/12 21:25:29 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/10/12 21:25:29 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/12/11 19:25:47 | 000,001,215 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Mp3Tube.xml

[2010/10/12 21:25:29 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/10/12 21:25:29 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2010/10/22 00:46:24 | 000,423,309 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123fporn.info

O1 - Hosts: 14590 more lines...

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CamserviceBlog] C:\Program Files\Hercules\Blog Webcam\XtrCtrl.exe (Guillemot Corporation S.A.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Free YouTube Download - C:\Users\Tania\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tania\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_6_0_1.cab ("Ma-Config.com control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/07 18:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2011/01/07 18:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech

[2011/01/07 18:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2011/01/07 18:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/01/07 18:09:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011/01/07 18:09:48 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/01/07 18:09:48 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/01/07 18:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/01/07 18:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/01/07 18:01:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/01/07 18:01:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/01/07 18:01:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/01/07 17:19:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/01/07 17:11:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/01/07 17:11:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/01/07 17:11:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/01/07 17:10:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/01/07 17:08:53 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/01/07 17:08:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/01/07 16:34:55 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Local\ElevatedDiagnostics

[2011/01/07 16:13:19 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2011/01/06 21:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DofusArena

[2010/12/31 17:50:58 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Local\Unity

[2010/12/21 16:03:09 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1

[2010/12/16 13:51:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/12/16 13:50:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/12/16 13:50:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/12/16 13:50:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/12/16 13:50:42 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/12/16 13:50:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/12/16 13:50:42 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/12/16 13:50:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/12/16 13:50:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/12/16 13:50:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/12/16 13:50:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2010/12/16 13:50:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/12/16 13:50:38 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll

[2010/12/16 13:50:38 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll

[2010/12/16 13:50:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll

[2010/12/16 13:50:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe

[2010/12/16 13:50:36 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/12/16 13:50:36 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2010/12/16 13:50:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/12/16 13:50:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll

[2010/12/16 13:50:33 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/12/14 18:20:11 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dofus2Beta

[2010/12/14 18:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dofus2Beta

[2010/12/14 18:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Dofus2Beta

[2010/12/13 20:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2010/12/12 02:55:40 | 000,505,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll

[2010/12/12 02:55:40 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX

[2010/12/12 02:55:38 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx

[2010/12/12 02:55:38 | 000,026,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlinst.exe

[2010/12/12 02:55:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll

[2010/12/12 02:55:37 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL

[2010/12/12 02:55:37 | 000,028,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxmlr.dll

[2010/12/12 02:55:25 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe

[2010/12/12 02:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime

[2010/12/11 21:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games

[2010/12/11 21:28:51 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Local\Ph03nixNewMedia

[2010/12/11 21:27:32 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Local\TempChapelain#

[2010/12/10 22:33:24 | 000,000,000 | ---D | C] -- C:\Users\Tania\Documents\JoWooD

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/07 19:02:49 | 000,704,924 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/01/07 19:02:49 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/01/07 19:02:49 | 000,130,940 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/01/07 19:02:49 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/01/07 19:01:32 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/07 19:01:32 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/07 18:57:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/07 18:57:56 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/07 10:03:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011/01/06 23:08:41 | 000,000,008 | ---- | M] () -- C:\Users\Tania\AppData\Roaming\DofusAppId0_1

[2011/01/06 22:47:34 | 000,000,169 | ---- | M] () -- C:\Users\Tania\AppData\Roaming\D2Info0

[2011/01/04 19:33:40 | 000,000,008 | ---- | M] () -- C:\Users\Tania\AppData\Roaming\DofusAppId0_2

[2010/12/23 20:56:37 | 000,000,008 | ---- | M] () -- C:\Users\Tania\AppData\Roaming\DofusAppId0_3

[2010/12/21 17:43:15 | 000,000,008 | ---- | M] () -- C:\Users\Tania\AppData\Roaming\DofusAppId0_4

[2010/12/21 12:05:27 | 000,267,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/12/12 03:02:52 | 000,000,024 | ---- | M] () -- C:\Windows\AM_D8.PRF

[2010/12/11 22:45:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/12/11 22:45:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/01/07 17:11:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/01/07 17:11:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/01/07 17:11:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/01/07 17:11:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/01/07 17:11:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/12/21 16:03:09 | 000,000,008 | ---- | C] () -- C:\Users\Tania\AppData\Roaming\DofusAppId0_4

[2010/12/12 03:02:52 | 000,000,024 | ---- | C] () -- C:\Windows\AM_D8.PRF

[2010/12/12 02:55:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll

[2010/12/12 02:55:38 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll

[2010/12/12 02:55:38 | 000,035,840 | ---- | C] () -- C:\Windows\System32\comdlg32.oca

[2010/12/12 02:55:37 | 000,029,184 | ---- | C] () -- C:\Windows\System32\MSINET.oca

[2010/12/11 22:45:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010/12/11 22:45:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/11/27 11:16:22 | 000,000,008 | ---- | C] () -- C:\Users\Tania\AppData\Roaming\DofusAppId0_3

[2010/11/27 10:35:56 | 000,000,008 | ---- | C] () -- C:\Users\Tania\AppData\Roaming\DofusAppId0_1

[2010/11/26 21:33:39 | 000,000,169 | ---- | C] () -- C:\Users\Tania\AppData\Roaming\D2Info0

[2010/11/26 21:33:39 | 000,000,008 | ---- | C] () -- C:\Users\Tania\AppData\Roaming\DofusAppId0_2

[2010/11/23 19:45:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll

[2010/11/15 18:20:01 | 000,024,064 | ---- | C] () -- C:\Users\Tania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/10 22:17:38 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2010/10/22 00:46:11 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/10/21 21:45:57 | 000,000,353 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/10/21 18:18:45 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009/08/28 10:07:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\belpicppgui.dll

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2008/02/05 12:28:20 | 000,000,051 | ---- | C] () -- C:\Users\Tania\AppData\Local\setup.txt

[2007/11/14 10:38:12 | 004,014,080 | ---- | C] () -- C:\Windows\System32\qt-mt334.dll

[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 

< MD5 for: IASTOR.SYS >

[2010/03/03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys

[2010/03/03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys

 

< MD5 for: IASTORV.SYS >

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< >

 

< >

 

< End of report >

 

OTL Extras logfile created on: 7/01/2011 19:03:21 - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = G:\

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000080c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138,61 Gb Total Space | 77,71 Gb Free Space | 56,06% Space Free | Partition Type: NTFS

Drive D: | 10,34 Gb Total Space | 6,70 Gb Free Space | 64,76% Space Free | Partition Type: NTFS

Drive G: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

 

Computer Name: TANIA-PC | User Name: Tania | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0760DE01-36E3-44BF-9F3B-EDED55D7B105}" = Hercules Blog Webcam

"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 23

"{2AAA1310-1A77-472d-A7D2-A5E55B00EF8E}" = Intel® Network Connections 15.5.74.0

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{824563DE-75AD-4166-9DC0-B6482F206193}" = Belgium e-ID middleware 3.5.3 (build 6193)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-006D-040C-0000-0000000FF1CE}" = Microsoft Office « Démarrer en un clic » 2010

"{90140011-0061-040C-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Français

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96EB95A2-5245-4EA2-B6EA-B8BA2FBF64C4}" = Ma-Config.com

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - A L’AUBE D’UN NOUVEAU ROYAUME

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources

"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"8461-7759-5462-8226" = Vuze

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"eMule" = eMule

"Free Studio_is1" = Free Studio version 4.9.12

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.51

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)

"Office14.Click2Run" = Microsoft Office « Démarrer en un clic » 2010

"PokerStars" = PokerStars

"PROSetDX" = Intel® Network Connections 15.5.74.0

"Rainlendar2" = Rainlendar2 (remove only)

"Revo Uninstaller" = Revo Uninstaller 1.90

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TVWiz" = Intel® TV Wizard

"Uninstall_is1" = Uninstall 1.0.0.1

"WinLiveSuite" = Windows Live

"WinRAR archiver" = Logiciel d'archivage WinRAR

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"PhotoFiltre Studio X" = PhotoFiltre Studio X

"UnityWebPlayer" = Unity Web Player

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13/12/2010 15:18:41 | Computer Name = Tania-PC | Source = Application Hang | ID = 1002

Description = Le programme AutoRun.exe version 1.0.0.293 a cessé d’interagir avec

Windows et a été fermé. Pour déterminer si des informations supplémentaires sont

disponibles, consultez l’historique du problème dans le Centre de maintenance. ID

de processus : 528 Heure de début : 01cb9af8dd5fe375 Heure de fin : 60000 Chemin d’accès

de l’application : C:\Users\Tania\AppData\Local\Temp\AutoRun.exe ID de rapport :

 

 

Error - 21/12/2010 07:10:56 | Computer Name = Tania-PC | Source = VSS | ID = 8194

Description =

 

Error - 22/12/2010 07:49:43 | Computer Name = Tania-PC | Source = Application Hang | ID = 1002

Description = Le programme AvastUI.exe version 5.0.677.0 a cessé d’interagir avec

Windows et a été fermé. Pour déterminer si des informations supplémentaires sont

disponibles, consultez l’historique du problème dans le Centre de maintenance. ID

de processus : 29c Heure de début : 01cba1cdf6dd6943 Heure de fin : 60000 Chemin d’accès

de l’application : C:\Program Files\Alwil Software\Avast5\AvastUI.exe ID de rapport

: 644f9072-0dc1-11e0-bf50-001cc4c8206f

 

Error - 31/12/2010 12:53:54 | Computer Name = Tania-PC | Source = Application Error | ID = 1000

Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7600.16700,

horodatage : 0x4cd23213 Nom du module défaillant : ntdll.dll, version : 6.1.7600.16559,

horodatage : 0x4ba9b21e Code d’exception : 0xc0000005 Décalage d’erreur : 0x00028c92

ID

du processus défaillant : 0x15d8 Heure de début de l’application défaillante : 0x01cba90a3696461b

Chemin

d’accès de l’application défaillante : C:\Program Files\Internet Explorer\iexplore.exe

Chemin

d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : 8cdfba33-14fe-11e0-9781-001cc4c8206f

 

Error - 7/01/2011 06:50:43 | Computer Name = Tania-PC | Source = System Restore | ID = 8193

Description =

 

Error - 7/01/2011 12:11:13 | Computer Name = Tania-PC | Source = VSS | ID = 18

Description =

 

Error - 7/01/2011 12:11:13 | Computer Name = Tania-PC | Source = VSS | ID = 8193

Description =

 

Error - 7/01/2011 12:11:13 | Computer Name = Tania-PC | Source = System Restore | ID = 8193

Description =

 

Error - 7/01/2011 13:06:06 | Computer Name = Tania-PC | Source = Application Error | ID = 1000

Description = Nom de l’application défaillante explorer.exe, version : 6.1.7600.16450,

horodatage : 0x4aeba271 Nom du module défaillant : unknown, version : 0.0.0.0, horodatage

: 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x60ec649e ID du processus

défaillant : 0x120c Heure de début de l’application défaillante : 0x01cbae8d2b7ba329

Chemin

d’accès de l’application défaillante : C:\Windows\explorer.exe Chemin d’accès du

module défaillant: unknown ID de rapport : 69a8b858-1a80-11e0-a438-001cc4c8206f

 

Error - 7/01/2011 13:14:18 | Computer Name = Tania-PC | Source = Application Error | ID = 1000

Description = Nom de l’application défaillante explorer.exe, version : 6.1.7600.16450,

horodatage : 0x4aeba271 Nom du module défaillant : unknown, version : 0.0.0.0, horodatage

: 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x729a649e ID du processus

défaillant : 0x1668 Heure de début de l’application défaillante : 0x01cbae8e4ee6e48d

Chemin

d’accès de l’application défaillante : C:\Windows\explorer.exe Chemin d’accès du

module défaillant: unknown ID de rapport : 8f32b37a-1a81-11e0-a438-001cc4c8206f

 

[ System Events ]

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

Error - 15/11/2010 14:23:25 | Computer Name = Tania-PC | Source = BTHUSB | ID = 327685

Description = Le pilote Bluetooth attendait un événement HCI d'une certaine taille

mais ne l'a pas reçu.

 

 

< End of report >

bernard53 Godlike Member

bernard53

Posté(e)
Posté(e)

OK fait ceci.

 

 

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

 

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL

DRV - (catchme) -- C:\Users\Tania\AppData\Local\Temp\catchme.sys File not found

FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_mp3tube_results&prt=pinballtb01ff&clid=56ea2eac16734a678908d958562a2936&subid=&Keywords={searchTerms}"

FF - prefs.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="'>http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="

FF - user.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="

[2010/12/11 19:25:47 | 000,001,215 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Mp3Tube.xml

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

:Files

C:\Program Files\mozilla firefox\searchplugins\Mp3Tube.xml

C:\ProgramData\PopCap Games

 

:Commands

[emptytemp]

* Cliques sur l'icône Correction (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport s'ouvrir "OTL.Txt"

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

Cijoint.fr - Service gratuit de dépôt de fichiers

 

 

 

 

ensuite::

 

Tu a Malwaresbytes donc::

 

*** Met-le à jour puis choisi, Exécuter un examen complet

 

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

 

Poste le rapport final.

*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.

Voici comment faire: Lancez Spybot-S&D, passez en Mode avancé via le Menu Mode (en haut) → cliquez sur Oui--> choisissez Outils dans la barre de navigation sur la gauche -->Résident et là vous pouvez décocher les cases situées devant les deux outils.

Vanotan Junior Member

Vanotan

Posté(e)
  • Auteur
Posté(e)

Bonjour,

Analyse malwarebyte en cour.

Toujours pas reussi a mettre le fichier sur ci-joint desolé suis pas douée.

 

All processes killed

========== OTL ==========

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\Users\Tania\AppData\Local\Temp\catchme.sys File not found not found.

Prefs.js: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_mp3tube_results&prt=pinballtb01ff&clid=56ea2eac16734a678908d958562a2936&subid=&Keywords={searchTerms}" removed from browser.search.selectedEngineURL

Prefs.js: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=" removed from keyword.URL

C:\Users\Tania\AppData\Roaming\Mozilla\FireFox\Profiles\vj2c0n01.default\user.js moved successfully.

C:\Program Files\mozilla firefox\searchplugins\Mp3Tube.xml moved successfully.

File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

========== FILES ==========

File\Folder C:\Program Files\mozilla firefox\searchplugins\Mp3Tube.xml not found.

C:\ProgramData\PopCap Games\.system folder moved successfully.

C:\ProgramData\PopCap Games folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56502 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Tania

->Temp folder emptied: 311248 bytes

->Temporary Internet Files folder emptied: 1486826 bytes

->Java cache emptied: 1604520 bytes

->FireFox cache emptied: 51102638 bytes

->Flash cache emptied: 58554 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4419 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 52,00 mb

 

 

OTL by OldTimer - Version 3.2.20.1 log created on 01082011_164049

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

Et merci pour ton aide

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...